Netgate pfSense Reviews

I use pfSense as our primary firewall and router. We use several functions of pfSense, including the OpenVPN capabilities for mobile VPN and pfBlocker for DNS blocklisting. We also use Snort for IPS capabilities. 

The solution helped us secure the perimeter against vulnerabilities. I'm confident in the team's ability to keep things updated and all the security holes patched. It also has security add-ons like IDS, IPS, etc. We realized the benefits immediately.

My favorite thing about pfSense is its overall stability of the product. It's rock solid and low maintenance. I like that aspect. It doesn't cost much, and it's feature-rich, including mobile VPN, pfBlocker, and IPS. You have the flexibility to deploy it as bare metal or VM. 

It's very easy to add features to pfSense and to configure them. The solution's management page offers a single pane of glass view. You can clearly see the various features on the main page, and it isn't difficult to drill down into the other sections for more details. 

I can't say which features Plus provides that the community edition doesn't. I only knew that the Plus edition was the path forward. I was previously on a community edition for many years, but I've been on the Plus edition for at least a couple of years now.

One area of improvement would be better communication. They kind of left a lot of people in the dark and misled them about the pfSense Plus Edition. I feel like they automatically switched people over and then followed that up with a required subscription model. That aggravated a lot of customers, including me, but I stuck with it regardless.

I have used pfSense for nearly a decade.

I rate pfSense 10 out of 10 for reliability. 

pfSense is highly scalable. The only limitation is the hardware you have behind it. As long as you can upgrade your hardware when you scale, pfSense will be able to support it. 

I rate pfSense support nine out of 10. I've typically gotten all the answers I sought when needed. They are highly responsive. I don't think I've ever had to wait more than an hour to get a reply. 

Positive

I wasn't involved in deploying pfSense. I maintain an existing one. For maintenance, you just need to periodically update to the latest version of pfSense Plus and maintain the different rulesets, such as firewall, IPS, and pfBlocker rules. 

The total cost of ownership of pfSense is rather low. After the recent subscription change, it doesn't cost us more than a couple hundred bucks a year. The only other thing I have to pay for is the business Snort license for the IDaaS IPS functionality. 

I rate pfSense nine out of 10. I recommend doing a white box deployment because it's easier on the hardware. I tried pfSense on a Netgate appliance and wasn't impressed with the performance compared to the white box I already had in place. I suggest starting with a spare server you have — Dell, HP, etc. 

I use the solution in my home. It's my firewall, DNS server, DHCP server, intrusion detection server, and reverse proxy server.

The solution's web interface is very feature-rich and well-supported. There's a large community of users out there you can get to. There are many things that I'm not using at the time. It's got great support for VPNs. One of the ways that I'm using it is for VPN support as well. Netgate pfSense is a great product.

Netgate pfSense is an extremely flexible solution.

You'll see the benefits of Netgate pfSense immediately after you deploy it. The more features you use, the more benefits you get from it. I'm using the tool for VLAN support. That was something I implemented first, and it completely changed the way I was using my network. That was a real game-changer because it provided greatly enhanced security for my network and reduced the complexity of my network.

The firewall, the intrusion detection service, the VPN support, and VLAN support keep me from getting hacked and possibly having problems with ransomware and potential data loss.

pfSense Plus provides features that help us minimize downtime. You can create copies of different environments that you set up. If you want to try a setting but want to be protected from loss and downtime, you can create a copy of your current working environment.

You should try adding the new change to your pfSense configuration. If that doesn't work, you can easily go back to the working configuration with just a simple change from within the web interface. It also does automatic backups of its configuration.

The visibility of pfSense Plus helps us optimize performance. You can overcome latency issues through traffic shaping. I previously had buffer bloat issues, which I don't have currently.

If you have a slower connection, you can use traffic shaping limiters and priority queues to ensure that your VoIP traffic, internet TV traffic, or streaming traffic has enough guaranteed bandwidth. In my case, my broadband connection is wide enough, and I do not have to really use those features.

The cost of ownership of Netgate pfSense with the hardware cost was about $ 350.

It would be nice for the code optimization to run on even slower processes. It's optimized quite a bit, but there's always room for improvement.

I have been using Netgate pfSense for two years.

We haven’t faced any issues with the solution’s stability.

From my point of view, the solution's initial setup is pretty easy. Many YouTube videos are out there to help you get it up and running. There's a lot to try, a lot of things to do, and a lot of technology to play with, but I'm afraid I'm a bit of a tinkerer. To do what I initially wanted, I probably spent a day.

I would like to see the solution's price reduced.

There is some complexity to adding features to pfSense and configuring them. I would not say it's extremely complex, but it's got a high degree of complexity.

The website is all you need to configure Netgate pfSense. If you choose to, you can use its SSH terminal interface, but that's not something that most users would do. I would think they would stick with its fully developed, mature web interface.

The solution by itself does not need any maintenance. However, if you use the incursion detection plugins, you need to make sure that those are tuned properly. That involves periodic checks and possible adjustments. New users should be prepared to learn, read the manual, and utilize YouTube resources. It'll be worth it.

Overall, I rate the solution ten out of ten.

I USE Netgate pfSense for home networks, lab environments, and R&D. In production, professional career-wise, I have built pfSense production firewalls that run in various configurations and high availability for different organizations serving a different number of clients and servicing any amount of requests throughout any given day. 

It also serves thousands to tens of millions of requests a second a day from small to large deployments.

Netgate pfSense is an extremely flexible solution. It is an open-source tool that has a very large community of professionals, enthusiasts, and hobbyists alike. There is a lot of flexibility in doing whatever you want with it. It also offers enterprise-grade support so that you can have something equivalent to the Cisco enterprise-grade data center firewall product. You could build that with pfSense or OpenSense, which is a derivative of pfSense.

The initial benefit I saw of pfSense was way before I ever used it professionally. It is a robust tool that can replace your consumer-grade firewall router solution. I also saw immediate benefits in my professional career as it is a powerful solution that can be compared to other solutions like Palo Alto or Meraki today.

Netgate pfSense can be a fully functional L7 firewall. You can not only have the base Layer 3 functionality of the firewall, but you can add things like Snort and pfBlockerNG to build out and become an L7 firewall doing actual inspection and security analysis.

It is very easy to add and configure features to Netgate pfSense.

pfSense has a built-in auto-configuration backup. While that is technically data loss from the sense of protecting the firewall, it is a feature Netgate offers to every pfSense user, licensed or not. You get this feature if you have a Netgate appliance. Just using pfSense won't get you that. There are third-party packages you can use to set up pfSense configuration backups if you don't have pfSense Plus.

In terms of data loss outside of that, you configure it in a way that puts it as a security device. By default, pfSense is not inherently a security device. It is a Layer 3 filtering firewall. If you want it to be a security appliance beyond basic TCP/IP Layer 3 filtering, you can run Snort or pfBlockerNG to turn it into a security appliance. Doing so can aid in data loss prevention by using the tool for basic intrusion detection prevention.

Netgate pfSense provides a single-pane-of-glass management capability. Its dashboard has a lot of prebuilt functionality, allowing you to have a single-page view of the firewall's status and everything going on with it.

pfSense Plus provides features that help us minimize downtime as a supporting part of the infrastructure.

pfSense Plus provides visibility that enables us to make data-driven decisions. The kind of data-driven decisions that could be made with information from pfSense are things like how much bandwidth I am using and what is the throughput of all my band connectivity.

I can also decide whether I need to go from a 1 Gig network to a 10 Gig network or a 2.5 Gig network and whether I need to increase my commit for my WAN circuit because we see that we are averaging above 99%, etc. The kind of decisions that it can help you make are related to your network and your connectivity.

The visibility that pfSense Plus provides helps us to optimize performance. It could help you to improve performance on the network side. It is, after all, a firewall router, so it is a network piece of equipment. It could help improve performance in that if you are actively monitoring, pulling data from pfSense, or actively reviewing the different types of information and graphs that pfSense provides, you could make decisions to see that a machine is consistently using lots of network traffic.

I have been using Netgate pfSense for 15 years.

I have pfSense Plus in production. I have both pfSense Plus and pfSense Community Edition (CE) running at home. They are essentially the same, and the only difference between them is the support and auto-configuration backup.

Overall, I rate the solution a nine out of ten.

I work in IT at a German insurance company, and I studied computer science. I also work in the network sector, so I know a lot about network solutions. I work with VPN solutions, Fortinet, and other products. For me, pfSense is a private home solution for my family. It's not the solution in my company.

I use pfSense as a firewall appliance, and the function is very good. But I think it's for users with more experience. It's not a solution for beginners.

If you are a professional, it's not difficult to add features to pfSense and configure them. But it is difficult if you are not. 

I utilize the core features. I have pfBlockerNG, SquidGuard, OpenSSL, and WireGuard. So, these are the core features I need.

The core benefits are that I can virtualize it with platforms like Proxmox or VMware, and I can buy third-party appliances. And Netgate offers a lot of hardware possibilities.

pfSense offers a lot of things that help to prevent data loss and intrusion, protect telemetry information, and so on. 

pfSense gives a single pane of glass management. But for me, it's not a problem because I have one appliance, but I think if you manage a lot of appliances, it could be better. It's important to be able to centralize management if I have 10 or 20 appliances.

I use pfSense Plus, it's called the "Zero-to-Ping" license [TAC Lite]. It's a very good solution, but it's a bit too expensive for private use. pfSense Plus is very good, but, for example, if I want to add another pfSense appliance for a cluster, it requires two licenses. For private use, if I want two licenses, it's very expensive.

pfSense Plus provides features to minimize downtime. One of the key features is ZFS. It's the file system. ZFS is very important for backups. I can make snapshots, and that is very good to make backups.

I am satisfied with the visibility that is provided by pfSense Plus. It is very good and optimizes performance because the hardware acceleration is very good for IPsec, SSL VPN, OpenSSL, and so on. This is very good support from pfSense.

The best feature is a function called pfBlockerNG. In pfSense, you can whitelist and blacklists for IP addresses or dangerous DNS sites. The top feature is the VPN. It's a very good SD-WAN solution and a very good VPN engine. It supports a lot of VPN techniques; it supports IPsec, SSL VPN, and WireGuard. It's the core feature of pfSense.

The flexibility is very good; we have a lot of possibilities. You can connect it with different WAN connections, whether you have a cable provider or fiber.

The feature list is good. For me, it's more important that we have fewer patches and better stability compared to OPNsense. I think OPNsense is too big. They support a lot of things, but pfSense is better. I think pfSense is better for stability.

The only thing that could be better is the hardware compatibility for LTE devices. This is a bit tricky for me; I wish the hardware compatibility were better for LTE devices.

I wish the FQ_CODEL limiters were improved. They're very good, but the FQ_PIE limiters don't work well. FQ_PIE limiters are important for cable modem connections. In Germany, we have a lot of cable providers for these interfaces, and the FQ_PIE limiters don't work well in pfSense.

I have been using it for eight to ten years. It has been a very long time. pfSense is very popular in Germany.

I use the latest pfSense Plus version.

The stability is very good.

I use it for my family, for maybe 20 or 30 devices. It's not a big environment.  

I utilize the pfSense forum and the community forum, and it's okay for me.

My preference in comparison with OPNsense is pfSense. I think it is better; it is stable.

The difference is that OPNsense has more features, but also has more bugs.

For me, pfSense is stable. It's better for my use case.

The deployment process is very good. For example, I can set up a new appliance and boot directly from a config file. This is very good.

It's very simple. I download new images, and during the boot process, if you make an image, you have a directory. In the directory, you make the config file, and then you can directly boot with the setup. You can boot a finished version. It's a good thing.

I use it on-premises. The on-prem version is very good. The software is good.

Maintenance depends on the features you use. If you have a proxy server with SSL introspection, sometimes it creates a small firewall size. If you have an easy firewall setup, then it's not so complicated. It depends on your environment and feature settings.

I did the deployment myself without the help of third parties or anything like that. It's very simple. I have enough skills because I studied computer science and work in the network sector. It's not a problem for me.

It took me ten minutes to deploy it. 

The ROI is good. pfSense is a very good solution, not only for home use, but also for middle-sized or larger companies.

In comparison with pfSense CE (Community Edition), pfSense Plus is a little bit too expensive. The pricing is a little bit high for private users. 

With the inclusion of the firewall, VPN, and router functionalities, the total cost of ownership of the pfSense Plus solution is very good because pfSense Plus has a lot of features. For the VPN features, it is good for the total cost of ownership.

I can recommend it if you are a professional or if you know what a firewall is.

It is a very good solution for the home sector, for companies, and for larger companies. I would recommend it to a lot of companies.

Overall, I would rate it an eight out of ten. 

I use pfSense for my home network firewall. I also manage two Cloud platforms that use it. 

Netgate pfSense is flexible allowing for modifications to meet our needs.

With my strong security background and experience managing pfSense, adding and configuring new features is a breeze. While some might encounter challenges, my expertise allows me to navigate them with ease.

pfSense impressed me with its ease of deployment and low maintenance. It excels in protection and firewall functionality and offers a wide range of add-ins to further customize my network. After considering alternatives like OPNsense and Untangle, pfSense emerged as the perfect fit for my needs.

The single pane of glass provided by pfSense makes it easier to determine issues related to attacks and what is being blocked. I can see live logging of the firewalls and what rules apply to what.

pfSense does a good job helping prevent data loss using Snort which identifies and blocks suspicious traffic before it enters our network.

pfSense Plus offers a visibility feature that helps me optimize network performance. The dashboard displays clear traffic graphs and device load information, and I can customize it to show exactly what I need.

The total cost of ownership is extremely reasonable. pfSense is a good option, especially for people conscious of recurring expenses.

The most valuable features of pfSense are the high availability that easily allows failover to a backup unit and the Snort integration with pfSense and WireGuard.

Netgate pfSense can improve by adding a different OS layer other than FreeBSD.

I have been using Netgate pfSense for ten years. 

Netgate pfSense has been stable.

pfSense's scalability is highly dependent on the hardware you choose, but despite this, it offers a strong ability to handle increased network demands overall.

In addition to pfSense, I have used OPNsense, WatchGuard, and Cisco. The WatchGuard rules were more straightforward than pfSense. New pfSense users might find deciding between floating and interface rules for specific scenarios confusing.

The installation is easy for those who are comfortable with command-line interfaces. It is quick and straightforward but they have to be careful when assigning the internal or external net because that can be challenging for some.

One person is enough to deploy.   

Netgate pfSense is competitively priced. The 4100 box is a good box for the price.

I would rate Netgate pfSense nine out of ten.

Before deploying pfSense in your lab, I recommend checking the pfSense forums to learn about any potential issues or considerations other users have encountered.

I use pfSense for my home monitoring. It's used to build a subnet in my home environment to separate the IoT and my daily lab. 

PfSense can separate the network into subnets, which I can't do with an ordinary home router. It is relatively simple to add a multiple gigabit network port on the home router. For example, I can buy customized hardware with 6x 2.5 GbE. It helps me optimize performance. I use pfSense as my reverse proxy and have a single interface for managing all the SSL certificates using HAProxy.

The best feature of pfSense is that it can be installed on any customized hardware. I don't need to use Netgate hardware. I like the dynamic DNS update and firewall feature. Adding features is easy. If a feature is built-in, I can check it, install the package, and convert it. If it isn't built-in, I can't add it to pfSense. 

PfSense's interface could be improved. For example, the menu is ordered alphabetically instead of logically. The reboot button should be located near the shutdown, but it's in alphabetical order. Also, Netgear should create a home license for pfSense Plus for non-commercial use.

I have used pfSense since 2020, so it's been about four years.

I rate pfSense six out of 10 for stability.

I haven't tried to scale pfSense. I only use it locally. 

I rate Netgate support five out of 10. They are helpful for basic questions, but if I ask something more complicated, they refuse because I am not a higher tier of support. The response time is acceptable.

Neutral

I used OpenWrt before pfSense but for a relatively short period. PfSense is more feature-rich than previous solutions. 

Deploying pfSense is a bit complicated, but It's nothing I can't handle. It requires some maintenance, such as when they release updates.

PfSense saves me the time I would spend doing things separately. For example, building a VM to set the rear-end policy would take a lot of time. 

If it's not the free community edition, pfSense is relatively expensive for home use. It's okay for commercial use. The cost of ownership is low. I can save about a hundred dollars annually. 

I rate Netgate pfSense seven out of 10. I recommend pfSense for advanced users. It's a good solution if you want to learn more about networking in a company environment/. 

I primarily used the solution to replace Cisco, which was horrible. I wanted something super simple. We needed something that would make the change process within my network easier.

I started with a small trial when I wanted to replace my Cisco switches. I liked that this was open source and I was able to test a few things. The capabilities of configuration made it so that I didn't have to test other options and I could translate my configuration the way I wanted to.

It's easy to configure segments in a network and the routing is good. 

It is super robust. The flexibility is great. It's the main reason I switched off of Cisco. Everything is very intuitive.

I have a pretty complex network. With this, I can do some segmenting. I can have specific firewall rules to make my network as secure as possible.

It's so easy to use. I use the VPN features a lot. It's great.

It's simple to add features. There's lots of documentation and Youtube guides to help you. I did not need specialized training thanks to this knowledge base. As long as you have a background in networking, it's pretty straightforward.

You can add other software packages to pfSense.

Between the free and paid versions, I do not see something that would make one better than the other. However, I bought the pfSense appliance to ensure I had a nice piece of hardware to save and protect my network.

pfSense does provide good visibility into my network so that I can make data-driven decisions. If I need to troubleshoot anything, I can go and look at the data, the statistics, and the graphs. I don't do this daily; I do it only if I notice strange behavior. 

It helps us optimize performance - especially in terms of internet use.

While the software is great, they could work on improving the hardware. The interface is a little bit sluggish. When I installed it on a random computer, the performance was pretty crisp. However, on the device itself, it's slower. I'd like to see them decrease storage and increase speed. With storage, you can always add more. However, you cannot make CPUs faster. 

I've used the solution since September 2022.

I've never experienced any crashes. It's quite stable. 

It's a pretty beefy appliance. That said, thus far, I have no need to scale. At the time, I went with the biggest offering they had in terms of appliance size. 

I've only contacted technical support in order to get a device replacement. I've never experienced any issues. 

I previously used Cisco. It was difficult.

The initial setup is moderately easy. I struggled a bit. It's a bit tricky at first.  However, within a couple of months, I had a really good setup. Now, it's working flawlessly. The deployment took a few months. The first month was a lot of troubleshooting. By the second month, I was fine-tuning. By the third month, it was completely up and running. 

There isn't too much maintenance. The device is almost maintenance-free. Every once in a while, there are updates. The backup is automatic after configuration. I don't have to worry about that.

I handled the setup by myself. 

The pricing is good. I'm not locked into any kind of subscription. Since I bought the appliance, I have it until it breaks. 

I'd rate the solution eight out of ten. 

I wouldn't recommend pfSense to somebody who has no limited network. While pfSense, for me, was pretty easy to set up, it does have so many features that you could easily get confused. I would recommend it to anybody with experience as a network engineer, not just a beginner. 

THe solution is used as a primary gateway with two lease lines of 450 Mbps total. Around 200 users are under it. 

There is no server or database in the environment. Users use only the internet extensively. We have three separate locations in the same building. Web filtering, IDS/IPS are the obvious requirements. Squid and Snort open-source packages are installed. 

Our organization is ISO 27001 certified. 

An active directory was implemented to control IAM. Synology NAS with RAID for file sharing and off-premise data backup on the cloud. We have mostly L-2 switches to connect nodes. 

Endpoint security product is another layer of security there. 

The Netgate 6100 Max Model is equipped with pfSense Plus software. We configured it last week and replaced the Mikrotik router. There are many improvements, including more visibility, more control over Internet usage, and a robust VPN (no license required). 

There are multiple lease lines and load balancing, reserve or restrict bandwidth based on traffic priority, and user data transfer quotas.

We have almost no complaints about low speed, choking of the internet, or link problems. Now we can see and observe connections logs also. Usage reports are another improvement. 

It's an ideal gateway solution for small and medium businesses, i.e., around 300 devices can be easily handled. 

We received a simple router, however, there are various tools/software to install to activate the full feature of pfSense plus products such as Squid for proxy, Snort for IDS/IPS, Squidguard for content filtering, etc. You can find many open-source software under the package manager tab on the dashboard of pfSense. 

Traffic shaping and load balancing are excellent features. 

pfSense Plus software is a powerful firewall, router, and VPN solution that leverages a number of highly-regarded open-source projects. The software competes effectively with far more expensive commercial alternatives and is used by hundreds of thousands of businesses, educational institutions, and government agencies all over the world. Leading secure-networking features and capabilities include:

Ad blocker (pfBlockerNG)
Captive Portal
CARP/HA
DNS Server
DHCP Server
HTTP transparent/web/reverse proxy (Squid)
IP/Country block list (pfBlocker)
IDS/IPS - Snort
Packet capture/inspection
Port forwarding
QOS/rate limiters
Software load balancer (HA Proxy)
Traffic monitoring
Traffic logging, statistics, and graphs
Traffic shaping
VLAN
Wake-on-LAN
Website blocker (pfBlocker)

and many more packages. Just install and play with it.

There must be a wizard section as per the use case. For example, if we need a simple firewall there must be an auto-install of most required packages. In the same way, if we need a more strict firewall, then different configuration settings.

There must be a more easy-to-use GUI.

More documentation should be available within the package manager.

A visible ON/OFF button must be there and can be easily configured as required. 

An additional non-us electrical plug must be inside the box.

There should be an option to upgrade RAM (i.e. 8GB to 16GB). It can enhance the capacity of the proxy server. 

I bought this solution 15 days back and configured it last week. 

It's an enterprise product and very stable. 

The solution is very easily scalable. 

As of now, we have not taken support. 

Positive

We were using a simple Mikrotik router with the limited capabilities of a firewall. 

It's not straightforward to set up. That said, it is not complex. Just use Netgate documentation and get help from YouTube resources.

We implemented it via an in-house team. My system admin configured it with the help of available documentation. 

The solution offers matchless ROI. There is no license for the VPN and no annual fees. It is a simple product. 

The product is very cost-effective and has no requirement for additional licenses.

The setup is not easy. Users need more technical expertise to configure it. This is not advisable for non-IT users. 

We checked Sophos and Sonicwall. Due to more configurable options and lower prices, and even no requirement of licenses, we decided to move to pfSense. 

This is the best solution with very impressive cost-effectiveness.